GDPR One Year Later: What’s Changed and What’s Still To Come for Hotels

May 23, 2019 via Lodging Magazine

The implementation of GDPR (General Data Protection Regulation) in May 2018 has affected every organization that handles the data of anyone residing in the EU—including citizens of the United States who are living abroad. GDPR intends to give consumers more transparency and control over how their data is used and stored,
including the right to request their data be deleted.

In the year since the regulation went into effect, it has left many heads spinning in the hospitality industry. GDPR doesn’t just require the property itself to comply—it also mandates that all third-party vendors handling the property’s data do so, as well. This means that should a third-party vendor or partner breach the regulation, the hotel may still be held liable. Fines can be up to 4 percent of a
company’s annual global turnover.